Slashdot Mirror

Running a DNS server, for what? To add complexity & waste electricity on a SEPARATE system here?? NO thanks...

OR

Even running it as a service on my single system here (wasting memory, CPU cycles, & RAM + other forms of I/O too), for doing what a TIGHTLY INTEGRATED part of the IP stack already does in a custom hosts file does already??

Again - no thanks!

* Besides - DNS does have issues in redirection DNS poisoning as well (in recursive mode and odds are you HAVE to set it up that way)... yes, you can point to the roots, but it's not like those CAN'T be floored too (that's a possible).

I don't have DNS, I use them myself... however, I use specialized FILTERING ones (vs malicious exploits) from the list below:

Norton DNS:

http://setup.nortondns.com/

198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40

OpenDNS:

http://www.opendns.com/home-solutions/

208.67.222.222
208.67.220.220

ScrubIT DNS:

http://scrubit.com/

67.138.54.100
207.225.209.66

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

APK

P.S.=> Disprove the list of points that custom hosts files give you that are in the link to my program... go for it (you obviously can't & that's that)...

... apk

Well considering the how to write a Linux virus in 5 easy steps article uses Python and when I search for "Python malware" I get over 600,000 hits? There is probably plenty of Python malware already out there, it just doesn't get as much press as a Windows bug as it has a smaller target. But as long as there is the potential to make money on infected machines I'm sure that somebody will be targeting just about every combo of language and OS you can think of, no OS is immune to a targeted attack.

Now that said I have to deal with some customers that are...sigh...can you say "click happy" and clueless? So after many hours of trying various combos on test boxes here at the shop I have come up with what I call my "foolproof Windows for fools" that makes the machines as solid as tanks and cuts the living hell out of the risk of malware. basically short of them going "Why yes, please infect my machine" which sadly I have had to deal with at least once, well short of them going the extra mile to be super stupid you'll have a system that short of hardware failure won't be going anywhere. For those that want to know how, recipe is as follows:

1.-First make sure their software is all up to date and Windows is set to automatically download and install patches, otherwise they are likely to just ignore the patches and leave the machine vulnerable.

2.- Get a low rights mode browser with ABP, any Chromium based will do but I use Comodo Dragon as it has privalert which will block all the tracking crap and you can choose to use Comodo Secure DNS in the browser only, this helps to block a LOT of infected websites from loading in the first place.

3.- For an AV I recommend either Avast Free or Comodo IS, both have their pluses. Avast AV is a little more "chatty" about what its doing and I found some folks really like that, Comodo IS has built in sandboxing and is easy to configure for the actual user, so its really up to you as both are quite good at stopping malware.

4.- Install FileHippo Update Checker and have it set to run at startup, it only uses a couple hundred KB of memory and will tell them when their third party software is out of date as well as provide links to the software, this keeps them from downloading "flash updates" and other dubious software updates. if the Hippo doesn't say it needs updating then it don't need updating.

5.-Finally you need to have a hidden backup and restore partition, just in case they ever manage to figure a way to get infected or if a family member comes over and trashes things. I am testing Paragon Drive backup for this roll but since I haven't finished testing I'd have to go with Comodo Time Machine but be aware its no longer supported and I don't think its been tested with Windows 8. That said the nice thing here is you can lock a snapshot with everything set up and all the third party software loaded so you have your own "OEM restore partition" without the trialware crap and it can also create snapshots on a schedule and be accessed if the machine can't even boot to desktop by just pushing the Home key. this way if they manage to somehow seriously screw up the OS a single push of the Home key and 20 minutes later they are back up and running.

With these 5 little steps that takes less than an hour all told you will have a machine you can let the most clueless users get a hold of and not have to worry about them borking the system I have several "click happy" customers that have been on this system for over 2 years now and not a single bug, runs just as good as when I handed it to them. In fact I have only had to help one that has been on this system, she forgot to log off and her 16 year old niece got on after she left and did God knows what to the system so it wouldn't boot to desktop. 15 minu

Well considering the how to write a Linux virus in 5 easy steps article uses Python and when I search for "Python malware" I get over 600,000 hits? There is probably plenty of Python malware already out there, it just doesn't get as much press as a Windows bug as it has a smaller target. But as long as there is the potential to make money on infected machines I'm sure that somebody will be targeting just about every combo of language and OS you can think of, no OS is immune to a targeted attack.

Now that said I have to deal with some customers that are...sigh...can you say "click happy" and clueless? So after many hours of trying various combos on test boxes here at the shop I have come up with what I call my "foolproof Windows for fools" that makes the machines as solid as tanks and cuts the living hell out of the risk of malware. basically short of them going "Why yes, please infect my machine" which sadly I have had to deal with at least once, well short of them going the extra mile to be super stupid you'll have a system that short of hardware failure won't be going anywhere. For those that want to know how, recipe is as follows:

1.-First make sure their software is all up to date and Windows is set to automatically download and install patches, otherwise they are likely to just ignore the patches and leave the machine vulnerable.

2.- Get a low rights mode browser with ABP, any Chromium based will do but I use Comodo Dragon as it has privalert which will block all the tracking crap and you can choose to use Comodo Secure DNS in the browser only, this helps to block a LOT of infected websites from loading in the first place.

3.- For an AV I recommend either Avast Free or Comodo IS, both have their pluses. Avast AV is a little more "chatty" about what its doing and I found some folks really like that, Comodo IS has built in sandboxing and is easy to configure for the actual user, so its really up to you as both are quite good at stopping malware.

4.- Install FileHippo Update Checker and have it set to run at startup, it only uses a couple hundred KB of memory and will tell them when their third party software is out of date as well as provide links to the software, this keeps them from downloading "flash updates" and other dubious software updates. if the Hippo doesn't say it needs updating then it don't need updating.

5.-Finally you need to have a hidden backup and restore partition, just in case they ever manage to figure a way to get infected or if a family member comes over and trashes things. I am testing Paragon Drive backup for this roll but since I haven't finished testing I'd have to go with Comodo Time Machine but be aware its no longer supported and I don't think its been tested with Windows 8. That said the nice thing here is you can lock a snapshot with everything set up and all the third party software loaded so you have your own "OEM restore partition" without the trialware crap and it can also create snapshots on a schedule and be accessed if the machine can't even boot to desktop by just pushing the Home key. this way if they manage to somehow seriously screw up the OS a single push of the Home key and 20 minutes later they are back up and running.

With these 5 little steps that takes less than an hour all told you will have a machine you can let the most clueless users get a hold of and not have to worry about them borking the system I have several "click happy" customers that have been on this system for over 2 years now and not a single bug, runs just as good as when I handed it to them. In fact I have only had to help one that has been on this system, she forgot to log off and her 16 year old niece got on after she left and did God knows what to the system so it wouldn't boot to desktop. 15 minu

Privalert lasted all of about a week. They pulled it for "stability" reasons with an auto-update. https://forums.comodo.com/news-announcements-feedback-cd/23400-update-removes-privalert-t89212.0.html

I suspect the real reason they pulled it was that many people pointed out it was exactly the same as Ghostery but without Ghostery being given any credit. Exact same process flow, exact same number of items in the blocklist, despite their CEO claiming on their forum that it was entirely their own code and entirely their own list. The only differences were the icon and a few less preference settings, but the ones that were there were identical. https://forums.comodo.com/news-announcements-feedback-cd/comodo-dragon-ver-232-is-now-available-for-download-t89032.30.html

I like a lot of Comodo stuff, I use a lot of it, I have Comodo Internet Security running right now, System Utilities (new name for Comodo System Cleaner), and I do have Dragon installed. But they have a massive and unsophisticated hype machine over there, complete with fanboy moderators who will "put you on our radar" if you dare to post anything other than a 100% rave about Comodo and buy whatever spin that Melih is selling. Ever since they pushed a forced-branding of Dragon about 6 or 7 releases back, I have lost a lot of trust in Comodo. They disabled theme changes somewhere around 16 or 17, put it back after an uproar, then for 2 versions disabled being able to use the New Tab Page - even if set, you opened up to comodo.com as your homepage instead of the non-web Chromium-Chrome style New Tab page. In both cases on the forum Melih made claims it shouldt have happened and would change.

I am not saying that they are lying about the source of the Privalert extension they pushed out. But it is amazingly similar. I am not saying they pushed the forced branding on purpose. But that means if it was an accident, one might suppose that they have bad QA, and if it were deliberate but not approved at the top, one might suppose that they have a flawed software quality process.

Note that I said: "one might suppose" and I specifically denied the interpretation that "they are lying" so if you are a lawyer for Comodo, I didn't accuse your client of anything. I commented on how non-Comodo people might possibly perceive things which may or may not be true with no way for me to tell.

I continue to use some Comodo products. But until I see more transparency about these seemingly-sketchy issues, I am reluctant to resume recommending them. Something I used to do wholeheartedly.

Privalert lasted all of about a week. They pulled it for "stability" reasons with an auto-update. https://forums.comodo.com/news-announcements-feedback-cd/23400-update-removes-privalert-t89212.0.html

I suspect the real reason they pulled it was that many people pointed out it was exactly the same as Ghostery but without Ghostery being given any credit. Exact same process flow, exact same number of items in the blocklist, despite their CEO claiming on their forum that it was entirely their own code and entirely their own list. The only differences were the icon and a few less preference settings, but the ones that were there were identical. https://forums.comodo.com/news-announcements-feedback-cd/comodo-dragon-ver-232-is-now-available-for-download-t89032.30.html

I like a lot of Comodo stuff, I use a lot of it, I have Comodo Internet Security running right now, System Utilities (new name for Comodo System Cleaner), and I do have Dragon installed. But they have a massive and unsophisticated hype machine over there, complete with fanboy moderators who will "put you on our radar" if you dare to post anything other than a 100% rave about Comodo and buy whatever spin that Melih is selling. Ever since they pushed a forced-branding of Dragon about 6 or 7 releases back, I have lost a lot of trust in Comodo. They disabled theme changes somewhere around 16 or 17, put it back after an uproar, then for 2 versions disabled being able to use the New Tab Page - even if set, you opened up to comodo.com as your homepage instead of the non-web Chromium-Chrome style New Tab page. In both cases on the forum Melih made claims it shouldt have happened and would change.

I am not saying that they are lying about the source of the Privalert extension they pushed out. But it is amazingly similar. I am not saying they pushed the forced branding on purpose. But that means if it was an accident, one might suppose that they have bad QA, and if it were deliberate but not approved at the top, one might suppose that they have a flawed software quality process.

Note that I said: "one might suppose" and I specifically denied the interpretation that "they are lying" so if you are a lawyer for Comodo, I didn't accuse your client of anything. I commented on how non-Comodo people might possibly perceive things which may or may not be true with no way for me to tell.

I continue to use some Comodo products. But until I see more transparency about these seemingly-sketchy issues, I am reluctant to resume recommending them. Something I used to do wholeheartedly.

Thanks for the advice and the info about Comodo Dragon. I had not heard of it before your post. I may install it and give it a spin...
.
The wikipedia page on it ( http://en.wikipedia.org/wiki/Comodo_dragon ) has more info about chromium vs. comodo though the last two items look like they were respun by someone who prefers google chromium, while comodo's page ( http://forums.comodo.com/help-cd/how-is-dragon-better-t67998.0.html ) points out that google keeps track of the time it was installed (the better to track/identify you with?) and spins the usage of comodo's dns servers as a positive (hmmm....) rather than pointing out that the tracking aspects are just being transferred from google to the comodo group. Wikipedia page about Comodo has some interesting information about ( at http://en.wikipedia.org/wiki/Comodo_Group#2010_Affiliate_Registration_Security_Breach ) a couple of problems with SSL certificate verification.

Unless he is willing to be full time 24/7 tech support that would be a BAD idea. Just look at the serious guttings that have happened to Linux in just the last 5 years, ALSA for Pulse, Gnome 2 for GnomeShell then this funky ass hybrid of the 2, KDE 3 to KDE 4 (which was frankly shoved out in alpha quality at best by ALL the "user friendly" distros) and finally the changes in the wireless networking that has made USB wireless hit or miss, usually miss.

Frankly if you know what you are doing you can set up an "idiot proof" Windows that short of the old guy clicking "Why yes, I DO want to get infected, STFU and let me get infected!" then nothing is gonna happen. With this system I've had customers that picked up more bugs than a Bangkok whore on coupon day and they are squeaky clean. Everybody ready? Here we go..

You start by doing the most obvious thing, that is making sure all their software is up to date. Once that is finished you get their ass OFF IE onto something that doesn't have a giant bullseye on it, personally I prefer Comodo Dragon as not only does it have low rights mode like Chrome, but it also has Privalert, which will block all the tracking crap (you can of course whitelist any page with a single click, even grandma could do it) and you have the option of Comodo DNS which in this case i would say YES, use it, as it blocks many malware pages from loading. Once its installed go ahead and add ABP, in less he likes ads bugging the shit out of him, and I usually install ForecastFox as its nice to have the 5 day forecast and the radar right there.

Next you install Paragon Backup and Recovery Free as this will let you not only make a hidden backup capsule (think OEM restore partition, only custom made by you and up to date) but you can set it to any kind of schedule you like, including differential, daily, weekly, whatever. I used to use Comodo Time Machine as it allows you to restore even if they hosed the boot image but its not supported on Windows 8. if you are running 7 might want to check it out. Next you install FileHippo Update Checker and tell it to ignore beta releases. the reason you do this is to keep the old guy for falling for the "you need the latest flash, just download "Iz_Not_Bug_Iz_Flash.exe" right now!". you tell him if the little Hippo don't say there is an update there is NO update, period.

Finally you have the AV, here you can use either Avast free or Comodo IS, I prefer the latter as its not as "chatty" and has built in sandboxing by default but some folks like chatty, both are VERY good at stop malware pages before load and Comodo IS sandboxing means if the old guy does try to run something nasty it'll minimize the risk.

so there you have it, it looks more complex than it actually is, takes about an hour all told depending on how out of date the software on the system is. Once its done that's it, just leave them be, they'll be safe as houses. The browser is sandboxed and in low rights mode, you have the AV scanning every page before load, the browser is blocking ads (one of the biggest attack vectors) and tracking crap, and to top it all off the OS has a hidden encrypted partition with a backup image so if they by some miracle ever do figure out how to break something you can have it back up in under 30 minutes, no problem.

Plus, what I do adds "layered-security"/"defense-in-depth", for less cost, since I supplement using hosts with filtering DNS servers!

However - Filtering DNS servers that are external to MY home & power bill here.

Thus, saving the electricity on doing it with a separate system especially (or just on cpu cycles, RAM, & other forms of I/O dns has if run as a service or daemon) + added complexity.

That's in BOTH my IP stack settings for DNS, as well as in my router, for "layered-security"/"defense-in-depth"... My p.s. below has the list I use.

What I do in my last posts' no trouble - happens for me "automagically", every 12 hours (or manually if I wish) - I designed it that way!

I do both (and a lot more security-wise) as a "security-supplement"'s to one another, & that's also no trouble @ all either - Despite DNS' known issues with recursive setups issues - yes, it's a known issue...

* So, & even if say, ICANN gets compromised & you pointed your DNS to it? I won't be @ least... how/why?

Well, since where I spend a good 99% of my time online's "hardcoded" @ the VERY TOP of my hosts file as favorites!

Thus - I resolve them, myself... & they are "reverse DNS" ping resolved (vs. the in-arpa "TLD" that keeps that information...) right when the hosts file's built...

APK

P.S.=> FILTERING EXTERNAL-TO-MY-HOME DNS SERVERS I UTILIZE IN COMBINATION WITH A CUSTOM HOSTS FILE (and a lot more, like NoScript in Mozilla based browsers etc./et al):

---

Norton DNS:

http://setup.nortondns.com/

198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40

OpenDNS:

http://www.opendns.com/home-solutions/

208.67.222.222
208.67.220.220

ScrubIT DNS:

http://scrubit.com/

67.138.54.100
207.225.209.66

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

---

Again - I use those BOTH my IP stack settings for DNS, as well as in my router - for "layered-security"/"defense-in-depth"...

... apkb

"Where does this data come from to rewrite the hosts file come from?" - by Anonymous Coward on Friday November 09, @09:26AM (#41931449)

See my subject-line & I've told you already - from 12 reputable & reliable sources that are security community members (such as hpHosts/malwarebytes, or Norton/Symantec, or ZeusTracker, or MVPS.org, & more as just some RESPECTED "examples thereof" - that's all...)

---

"Are you saying that your program uses my bandwidth to re-download this hosts file (as often as I like, how convenient)," - by Anonymous Coward on Friday November 09, @09:26AM (#41931449)

Ahem: IS there another way? DNS servers do the SAME, BUT they can take up to 24 hours to "propogate" to the 13 root DNS servers too no less (lagtime)... hosts are IMMEDIATE, & resolve host-domain names FAR faster locally than does calling out to a remote DNS server!

---

"and then uses my cpu cycles and electricity to constantly (every 1/2 second) re-apply read-only attributes to my local copy? " - by Anonymous Coward on Friday November 09, @09:26AM (#41931449)

Programs DO that... what can I say? LMAO...

---

"It does this all the time, even when I'm not using any Internet-enabled applications? " - by Anonymous Coward on Friday November 09, @09:26AM (#41931449)

By default it protects the hosts file (above & beyond UAC) - would you rather it didn't? New NEWS/NewsFlash/Clue: IF you have a malware operating on your rig, & you don't realize it? Good thing it does so... think about it!

(Optionally - You can turn that off easily though, as to the write-protect attribute setting IF you wish!)

---

"Sounds great!" - by Anonymous Coward on Friday November 09, @09:26AM (#41931449)

Thank-You - it's "pretty good" & been a small hobby/labor of love of mine since late 2003, improving it here & there as I go (I only released it @ the suggestion of pals that use it, they like it is why... I rarely RARELY if ever do "freebies" anymore, as that's a "younger man's game" when you're first starting out in this field, & it's useful for interviews when you're still "just outta college", for something to show potential employers in say, interviews... things got SO bad with malware though since 2004, I decided to "put her out there"... that's all, just to help as MY contribution vs. malware in general!)

---

"Sure, I can put my favorites into a hosts file, but sometimes (like on Slashdot, here) those sites like to link to other sites, including sites that I've never visited or even heard of. If your hosts file doesn't have an entry for it, my CPU and hard drive are going to waste electricity poring through the document, trying to find a match, only to go out to the public DNS servers anyway." - by Anonymous Coward on Friday November 09, @09:26AM (#41931449)

WELL, that's when you have options for BETTER DNS SERVERS - ones that FILTER vs. online threats in fact (I use them myself, & they're pretty "widely recommended" in the following):

Norton DNS:

198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40

OpenDNS:

208.67.222.222
208.67.220.220

ScrubIT DNS:

67.138.54.100
207.225.209.66

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

---

"I fail because I agreed with you? Indeed." - by Anonymous Coward on Friday November 09, @09:26AM (#41931449)

FAIL? No... you just seemed OVERLY "sarcastic" about adbanners shown to ha

Iran attacked Comodo before Stuxnet was even discovered

Comodo DNS almost compromised

Well if you want to keep the Gecko engine there is Pale moon, IceDragon, and Waterfox. If you want to switch to something else there is Dragon (what I use, nice and with some extra security features), Chrome/Chromium, Safari, Opera,QTWeb if you need cross platform, that's the nice thing about what we have now, no more "This site only works in IE" crap and plenty of choices.

I give my customers a choice of Dragon or IceDragon because i give them Comodo AV and have had good luck with their free stuff, but any of the above will do the job and most will offer to transfer over your passwords and bookmarks, easy peasy.

Well if you want to keep the Gecko engine there is Pale moon, IceDragon, and Waterfox. If you want to switch to something else there is Dragon (what I use, nice and with some extra security features), Chrome/Chromium, Safari, Opera,QTWeb if you need cross platform, that's the nice thing about what we have now, no more "This site only works in IE" crap and plenty of choices.

I give my customers a choice of Dragon or IceDragon because i give them Comodo AV and have had good luck with their free stuff, but any of the above will do the job and most will offer to transfer over your passwords and bookmarks, easy peasy.

A better choice IMHO and one I've been giving to my customers for a couple of years now is Comodo Antivirus as its butt simple, pretty much install and forget, is free, and is VERY good at stopping malware cold.

IME, Comodo is good, but is way too interactive, has too many popups and requires too much user interaction. Non-computer-savvy people either get freaked out, or react inappropriately. I like Avast, if you turn off the voice that announces updates, there's really only the yearly navigation of the website maze that's trying to get you to pay.

FWIW, I turn off the Sandbox and Defence+ stuff, just running the AV and Firewall.

Me too, and it's great. I haven't experienced any serious malware infections on my computers in a long time.

I also use the Comodo Dragon browser, which is basically just Google Chrome that uses Comodo's DNS server to make sure that you're not being directed to dangerous websites.

MSE is good IF, and its a BIG IF, you are not going anywhere risky, as it doesn't seem to do as well on drive bys as the others. This isn't really surprising as it started out as Giant AntiSpy before being bought by MSFT, but if he is going anywhere other than school sites I'd be leery if he isn't tech savvy.

A better choice IMHO and one I've been giving to my customers for a couple of years now is Comodo Antivirus as its butt simple, pretty much install and forget, is free, and is VERY good at stopping malware cold. If you want extra protection it asks on install if you wish to use their secure DNS which blacklists malware sites, but its strictly optional. its light on resources, doesn't pop up 40 ads a week trying to sell you crap like Avast has been doing lately, and has a really nice sandboxing feature that is enabled by default but which you can set to be as granular as you like, anything from off to whitelistsing to blacklisting, really nice.

All in all out of the free AVs I'd rate it "best of show" because not only does it have sane defaults and great sandboxing, but its as simple or as fine grained as you want it to be. With MSE there really isn't any way to change...well anything, with Comodo if you desire you can tweak pretty much everything if you choose, from the behavior of the scanning engine, to the levels of paranoia on the sandboxing (which MSE doesn't do) to who what and when it scans and where it will scan.

The nice thing about browsers friend? Is you do have choices. I personally prefer the Comodo Dragon, which is based on Chromium and doesn't have all the Google phone home junk. For those that wish to try it here you go. And for those that prefer the Gecko engine or have FF extensions you are loathe to let go of? Well guess what, the Comodo guys just came out with their own version of FF called IceDragon, try it here.

Oh and since we get lets of calls of shilling here just FYI, don't know anybody at Comodo, never worked at Comodo or got so much as a bumper sticker from Comodo, just a guy that used their free antivirus and decided to see what other free stuff they had and found a ton of cool free software being offered.

But that's the nice thing we have now folks, we have a wealth of choice. Don't like either of those? There is SWIron, Kmeleon, Safari, Opera, hell I could make a list half a page long just of browsers. If you don't like the way the FF devs are doing things, and personally I think trying to throw another mobile OS into an already crowded as hell field is just nuts, then vote with your feet and choose one of the multitude of different browsers out there. Hell they are free, try a dozen and see which one fits you best.

The nice thing about browsers friend? Is you do have choices. I personally prefer the Comodo Dragon, which is based on Chromium and doesn't have all the Google phone home junk. For those that wish to try it here you go. And for those that prefer the Gecko engine or have FF extensions you are loathe to let go of? Well guess what, the Comodo guys just came out with their own version of FF called IceDragon, try it here.

Oh and since we get lets of calls of shilling here just FYI, don't know anybody at Comodo, never worked at Comodo or got so much as a bumper sticker from Comodo, just a guy that used their free antivirus and decided to see what other free stuff they had and found a ton of cool free software being offered.

But that's the nice thing we have now folks, we have a wealth of choice. Don't like either of those? There is SWIron, Kmeleon, Safari, Opera, hell I could make a list half a page long just of browsers. If you don't like the way the FF devs are doing things, and personally I think trying to throw another mobile OS into an already crowded as hell field is just nuts, then vote with your feet and choose one of the multitude of different browsers out there. Hell they are free, try a dozen and see which one fits you best.

Bit of advice? Try Asus, I've been getting quite a few from them for customers and the amount of trialware was very low, just your standard MS Office trial and the option of having a Norton trial if you wanted it. If you didn't you simply said no at first start and voila! No Norton.

BTW once you have the PC set up the way you want it, which I suggest using WSUS Offline for the patches and Ninite for the third party stuff like Flash? Well once its set up all nice and clean and fresh smelling you can just use Comodo Time Machine to make it pretty much unfuckable. Just lock the first snapshot (so you have your own version of a factory restore) and set it to take a snapshot daily and tada! Even if they manage to make the machine unbootable you can have it back up in under 20 minutes by phone, all they have to do is hit the Home key when they see the clock (right after BIOS) and then pick which snapshot they want to go back to, couldn't be easier.

I agree about the trialware infections though, last time I had to deal with a factory reset on a Dell mini I wouldn't to pull my fricking hair out! We're talking an Atom single with 1Gb of RAM and they had something like NINE things running at startup! What a fricking mess, but once I had him all nice and ready to go CTM means I won't have to deal with that crap again, its a life saver if you have to deal with clueless people. But I've tried dealing with ARM friend and you do NOT want to go there. What you end up with is pissed off people because they can't run their dumbass Windows programs, it wouldn't matter if you sold them a dual core netbook for $40 they would still be pissed that it couldn't run whatever crapware program they wanted.

Bimbo Newton Crosby, if they'd ever tried to actually support a completely clueless user they'd know that VNC would be a BAD idea.

Honestly i just don't see how he is gonna be able to pull it off on both Windows AND OSX without some service in the middle, i really don't. Everything else is gonna require the user to at least have enough skills to start the thing up which is far from assured and leaving it running 24/7 is just asking for trouble.

This is why I'm glad I have all my family and customers on Win 7, MSFT may have made plenty of dumb moves but EasyConnect is a fricking Godsend, its the easiest damned thing I've ever dealt with for remote assistance. I simply pin Remote Assistance to the start menu and its as easy as "Hit start, see that thing at the top that says remote assistance? Yeah click on that, hit next, see my name? Yeah click on my name...hold on...okay I'm hooked up, see that little box that popped up that asks if I can have full control? Just click yes...okay I've got it now" and then I can just sit in my comfy chair and work the system like i was sitting right in front of it.

I wish there was something truly universal and that simple to use but if its out there so far I haven't found it. Just remember when you suggest programs we are talking normal folks, the stuff YOU would think is trivial to do is often so completely over their head it would literally be quicker to simply drive out to where they are and do the work than to sit their on the phone trying to talk them through it.

Oh and one final bit of advice for those that have to support the clueless...get Comodo Time Machine and install it NOW, you'll be glad you did. Think of it as a system restore that actually works and which doesn't get infected by malware. When my GF had to go across the state to take care of a sick relative and her niece screwed her laptop up so bad the thing wouldn't even boot to desktop it took me less than 15 minutes to get her back up and running thanks to CTM. Just set it to use around 10%-15% of the HDD space for snapshots and have it take a snapshot at boot (if you boot more than once a day it'll only take one snapshot so you won't run out of space) and you are golden. You can even lock a snapshot so you can have your own version of a factory refresh that will put the system right back to the way you had it with no muss or fuss. Just have them hit the Home key when they see the big clock, tell them what day you want them to go back to and voila! Instant fix.

Ask and ye shall receive Comodo Personal Firewall. Free, easy to use, has sane defaults while at the same time letting you control any in or outbound with any kind of rule you can think up. Personally I'd just take Comodo Internet Security Free as it gives you the AV and Firewall in one, has sandboxing, again a ton of control over the AV, oh and their license makes it free for home AND business use.

With Windows if you want anything more than the basic you really gotta go third party, that's just the way its always been. I happen to like it that way as it gives me plenty of choices besides whatever MSFT packs in. That said the Win 7 firewall isn't bad, you click on advanced and you can cook up your own rules, not nearly as fine grained as Comodo but for a basic firewall it isn't bad.

http://www.youtube.com/watch?v=us8OhI-OTHg

"Day after day your home life's a wreck
The powers that be just
Breathe down your neck
You get no respect
You get no relief
You gotta speak up
And yell out your piece
So back off your rules
Back off your jive
Cause I'm sick of not living
To stay alive
Leave me alone
I'm not asking a lot
I just don't want to be controlled
That's all I want
All I want
How many times is it gonna take
Till someone around you hears what you say
You've tried being cool
You feel like a lie
You've played by their rules
Now it's their turn to try
So back off your rules
Back off your jive
Cause I'm sick of not living
To stay alive
Leave me alone
I'm not asking a lot
I just don't want to be controlled
That's all I want
All I want
I said it before
I'll say it again
If you could just listen
Then it might make sense"

* A huge "amen" to that...

I.E.-> Many of "the powers that be" are DOING IT WRONG!

They ought to be using their control of "the pipes/tubes" on the internet to do what GOOD "filering" DNS servers are up to, which is filtering out KNOWN SOURCES of malicious content online!

(E.G.-> malware, malicious script, poisoned banner ads, sites that serve up malicious content in general, spam, & phishing mails also, etc./et al...).

No, instead, this is what folks get - spying on them? WTF!

Good filtering DNS servers for people to consider using (since I noted them above):

Options for "DNSBL filtered 'secured'" DNS servers for single system users/non-networked users (on the job using AD networks or otherwise):

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

D.) Plus:

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as

If you are on Windows try Pale Moon which has forked away from FF as of V12 because they too grew tired of UI changes. it also has the SSE flags set at compile so its snappier than FF. if you decide instead to go to the Chrome side I'd suggest Comodo Dragon which is Chrome without the phone home.

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

D.) Plus:

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apk/b

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

D.) Plus:

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> IF you need help for how to set them up? Those pages instruct on that also, OR, you can ask (somehow I don't think you need the help though, but I am stating it just in case)... apkb

Well part of your problem is the browsers friend, safari bites, Chrome has too much phone home crap, and FF is a memory piggy. If you want to keep gecko I'd suggest replacing it with Pale Moon which is optimized for more current CPUs such as yours, Chrome should be replaced with Comodo Dragon and for webkit I'd go with QTWeb which has built in ABP, but on the first two first thing I'd do is install ABP, as i bet half your problem is those damned bloated ass web ads slowing you down.

Because I can tell you that with that ancient Sempron I can get up to 14 or 15 tabs in Dragon or QTWeb without any real dragging, around 9 for Pale Moon, whereas FF would start sucking at barely 6. On my home machine which i'm on now, which is an AMD Phenom II X6 with 8Gb of RAM frankly I can pile on the tabs for as long as i want in Dragon or QTWeb, again without any real stutter or jerking.

You just have to remember you can take the fastest machine on the planet and pile on those damned blinking flashing web ads and make it feel like a 486 running Win98, the code they use for those things are just bloated as hell. Not to mention I can tell you that infected ads are probably the number 2 source of infected PCs, just under the "ZOMFG U got teh viruz! Quick run this Security tool to clean it ZOMFG!" infections.

Dude WTF browser are you using? I always eat my own dog food so I use the same that i give my customers which is Comodo Dragon with adblock plus and frankly I have NO PROBLEM surfing here at the shop on this 1.8GHz Sempron from 2004, the only change I did to it was max it out to 2Gb of RAM and even then it was only because i got a dead box with a spare stick in it, it was surfing just fine on the 1.25Gb it came with. I even watch SD video on it but with only an old Nvidia vanta card it naturally can't do HD, one of these days i'll have to decide between that Geforce 7600GS and the Radeon X1950 I have sitting in a box in the back and upgrade the GPU but frankly i'm not in a hurry.

So maybe its just your browser or OS friend, as i still sell refurbed P4s and for the things folks want to do, IM, FB, YouTube SD video, they work just fine with the dragon and ABP. Because I can tell you that most of the people I've sold multicores to really aren't stressing anything, in fact the only customer I have actually had to upgrade after selling a multicore to was a customer than bought a Phenom I triple that is an ex NASA engineer and got into using Solidworks, which once I upgraded his GPU to something that Solidworks would offload to (A Radeon HD4670 I believe, got it on one of the sales for something like $30) his Phenom I has been purring like a kitten.

Of course i wouldn't wish IE or ANY browser without ABP onto my worst enemy, so maybe that is your problem. But looking at the CPU meter typing this while playing an SD video in the background I'm only hitting around 65% CPU on the Sempron, which if that ancient chip can do it ANY chip can. One of these days I'm really gonna have to sit down and decide if I want to spend the $20 to upgrade it to an Athlon mobile or just change out the box for that Athlon X2 I have in the closet, but if it ain't broke, why fix it?

1st - Better FILTERING DNS servers & 2nd - A program that creates a custom HOSTS file (I wrote it) that's both 32-bit &/or 64-bit for Windows:

---

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

D.) Plus:

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> Then there is also this program I wrote that 2 makers of custom hosts file data are hosting for me (hpHosts/malwarebytes + hostsfile.org/securemecca.com):

http://securemecca.com/public/APKHostsFileInstaller/2012_06_01/APKHostsFileEngineInstaller32_64bit.exe.zip

You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where, but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do):

What's it do for you?

It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++")

---

1.) Offers massively noticeable increased speed for websurfing via blocking adbanners

2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).

3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malwa

While this is true i think the larger point is that their "big innovations" are just "me too!" copies of other's work.

What pisses me off is its pretty damned obvious that like a lot of FOSS projects the developers at Mozilla frankly don't give a shit what the users think. I don't know if its because its free software, if they think that gives them the right to just crap on the users, if its just bad attitudes or what, but I have noticed a lot of projects adopting this "We are going THIS way, get on board or go fuck yourself" attitude and it stinks. I think the numbers speak for themselves, FF was growing until they became all about the bling bling and ignoring the users and its been dropping steadily since.

Of course the sad part is this isn't a new thing for the Moz devs, it just wasn't as bad as it is now. Anybody remember how they swore up and down the memory leaks were all in the users heads, right up until they put out the release that basically said "Oh and we fixed the memory issues!"...wait, what? the memory issues you told us didn't exist, THOSE memory issues? And anybody whose taken a look at their roadmap lately...ugh...its fricking metro UI candy and appstores, yep, that's what we need, more candy coating and fricking appstores.

That is why I suggest those that don't want to go where Moz is heading to try Pale Moon if you wish to keep your FF extensions, as they have forked it as of V12 so they won't be going for the glossy bling bling of future FF, or if you're not wedded to FF extensions maybe try QTWeb which has support for flash and ABP and runs on all the major OSes, Linux, BSD, OSX, and Windows.

Because as someone who was a long time FF user and advocate I just don't like where Mozilla is going anymore. they used to seem to care about just making the best FF they could, but then Chrome came out and they seem to have lost their damned minds. But luckily for us there is a wealth of choices now, not only those above but opera, Safari, Chromium,Comodo Dragon which is becoming more and more my go to browser, just so many choices. Maybe if enough people choose something else Mozilla will start listening to their users again. I know its a long shot but I can dream, can't I?

Thanks and I too don't use either FF or Chrome. For my customers I offer a choice of Pale Moon which has forked away from Firefox specifically because they did not want to go with the whole metro UI change or Comodo Dragon which is what i personally use as its based on Chromium but with some nice extra security features and no phoning home to Google. Finally for those that need cross platform I would highly recommend QTWeb which runs on Linux, Apple,BSD or Windows, is fully portable so you can just run it on a flash, and has Flash support and Adblock.

But I was a BIG supporter of Mozilla, both when FF was still in beta and the Moz Suite before that, but frankly their devs might as well change the opening screen to someone giving the finger as that seems to be their attitude as of late. You would think seeing how their numbers climbed right up through FF V4 and then started nosediving and never recovered they would get the hint that the users don't like the current direction, but frankly they don't seem to give a shit. This is sad as FF had ONE killer feature, the same one that caused some of my customers to go to Seamonkey or Pale Moon rather than give up the Gecko engine, and that is the awesome extension framework. if they would quit pissing on the users with the UI and do something about the CPU spiking I would go running back to FF in a heartbeat but its pretty obvious from their roadmap that the ONLY users they want are those on Windows 8 using appstores and that just ain't me. So long FF and thanks for all the fish.

Now webkit is a pretty good engine, it is a pity no one has yet hooked it up to a descent frontend.

Try this or this
I used the first for a while, but at the time their webkit rendering had some really nasty memory leaks. I should probably give them another shot. The second has been reasonably stable and reliable for my purposes.

Or you can use Comodo DNS which is good about blocking malware infested sites, or Open DNS or one of the dozen or more free DNS servers out there.

If someone wants to use Google for DNS I hear that its a good service but it isn't like we don't have a wealth of choices out there. No need to go through the hassle of running your own resolver unless you just want to.

I've been a hardcore Firefox user for years, spreading it to family and friends every chance I get. I finally left it about a month ago. The constant versions didn't bug me nearly as much as the performance, particularly on older/slower systems. I went to Comodo Dragon, a Chromium-based browser with the Google tracking stuff removed and a bit of security protections added. I love the snappier response but I do miss AdBlock (yes, there are two for Chrome and I run one but it is nowhere as effective as the version on Firefox). However, our old XP machine at home and the kids' netbooks love me for switching.

On a somewhat related note, moving from AVG to MSE made a huge impact on system performance on these less-than-stellar machines. I couldn't believe how much better MSE runs and that it actually does a decent job now.

That is why I have just given up. I no longer download distros and even block linux articles from showing up on /. because i just tired of dealing with the crazy. things are NOT getting better, in fact with the DEs being gutted and pulseaudio if anything things are more unstable than they were even 5 years ago!

That's why you ought to try Win 7, i got into Linux when the crapfest that was Vista came out but frankly i never had as many bugs with Vista as i did with Linux, but 7 is as stable as a rock and purrs like a kitten, be it on my cheap ass $350 netbook or my hexacore gaming PC it "just works" without crashes or bugs or hassle. Hell for shits and giggles I even stuck in on a 1.8GHz Sempron with 1.5Gb of RAM just to see how it runs and you know what? it runs quite well, I just don't have Aero (which i turn off anyway) but other than Aero its smooth and responsive.

But as long as you are on XP you might want to check out Comodo Internet Security along with Ninite, both are free (I'd give you the link to CIS but the URL is crazy long) and I use these along with Comodo Dragon on my XP boxes I sell and frankly not a single bug yet. the nice thing about CIS is it will sandbox the browser of your choice and scan all pages before load so that you don't have to worry about any malware links, even if you are on XP.

But this is why i have given up even attempting to discuss anything with them anymore, they just won't listen. last time i loaded up one of the Linux articles it was nothing but a giant groupthink circle jerk, with everyone trying to top each other in the crazy dept. But as long as nobody will stand up as a group and tell the devs that the itch scratching BS is over then things will never get any better, only worse.

You are right nobody will do the work but i think its much worse than that, i mean look at how many help files are just CLI lists or "to do" placeholders? without any monetary motivations the devs don't listen to anyone, and with so many of the FOSSies pushing out the FOSS advocates nobody will ever call them out over it. i mean look at how many here worship RMS and he's a fricking squatter at MIT that doesn't even use the Internet! I mean how do you get through to people that will actually listen to and deify a guy that thinks its okay to squat on a campus and even worse pull off his shoes and socks ON STAGE and eat some toe funk?

if you want to keep trying to talk to them Barbara go right ahead, but as you saw with that one you posted the chapter and verse on copyright law for only to have him continue to argue black is white its like trying to explain evolution to someone that believes Noah rode a dinosaur, you just can't penetrate the dogma. All they will do is tune you out and keep spouting their religious beliefs. kinda sad that free software now is treated like religion, but frankly the nutters have taken over the tent and all you can do is pack up and move on before they make you a nutter too.

There is a MUCH better tool out there than those downloader apps for FF, it isn't free but it works on just about every site, even those that the FF plugins choke or refuse to see. its called Jaksta Streaming Video Capture and the nice thing is it isn't tied to ANY browser, so it only runs when YOU are wanting to capture instead of adding bloat to the browser. its quite nice.

But as other have said FF has become a pale Chrome imitation and if I wanted Chrome I'd fricking run Chrome! I personally gave up around version 7 for Comodo Dragon which is Chrome without the phone home, because while i still have FF installed and try it with each release frankly it runs like shit on both my nettop and my netbook. Hell even on my hexacore it will have what I call "senior moments" where the UI will just freeze for a few seconds, not enough to make me kill the program but just enough to piss me off. With the Dragon even on a 2004 Sempron its responsive and snappy and when I close tabs I get the memory back which FF has yet to master.

So while I keep hanging onto this vain hope that Firefox will come back, I have a feeling the glory days of FF are behind it. You can't be #1 just by badly aping someone else and that is what IE and FF have been doing, playing follow the leader with Chrome. Frankly I don't know what they did between 3.6 and 5 but whatever they did was a doozy as I can't run it on low power devices like my netbook without it bitchslapping the cores and sucking down the battery like a drunk at a free minibar. If you are gonna rip off Chrome FF devs, how about ripping off its lack of CPU slamming and nice use of resources huh?

One of the things I like about Comodo Dragon is that is the default setting, so no need to try to walk someone through killing third party cookies. With Dragon and ABP everything "just works" .

What features would those be? i thought I'd miss features when I switched to Comodo Dragon, but it has ALL my extensions, hell it has even better security features than FF, such as support for Low Rights Mode, the option of using Comodo SecureDNS for malware and phishing protection, and it uses less CPU and memory and unlike FF when i close tabs my memory actually goes down.

Now I keep Pale Moon on hand for when i run into one of the VERY few sites that don't play nice with Chromium browsers and the rest of the time i'm in Dragon. I still keep a copy of FF, ESR on my old XP box and the latest on my 6 core, and i keep them updated and try them every time a new version comes out HOPING things will change, that FF will become light and nimble even on netbooks and nettops like it USED to be. Sadly though IMHO when Chrome came out it was like the Moz devs lost their damned minds and became so focused on Chrome they forgot what mattered was making the best FIREFOX and not a Chrome ripoff. in a way it reminds me of MSFT who lost THEIR damned minds when the iPad came out and have now deluded themselves that everyone from stock brokers to sally homemaker is gonna go pay triple the price for a touchscreen monitor so they can "experience the wonder" of having a cell phone on the desktop.

Its damned sad to see a company become so target locked on a competitor they can't see the forests for the trees but frankly ever since Chrome starting gaining share its been all downhill for FF.

While I agree about meeting a business need sometimes free works quite well. For example i give my SMBs Comodo Internet Security which is free for BOTH home and business use and works great. if later on they run into some situation where they actually need support Comodo will be happy to sell them support so if they have no problems then it costs nothing. I've found if you use Win 7 (with its ASLR and DEP) along with Comodo Dragon with ABP (Dragon supports Win 7 low rights mode by default) and then finally comodo Time machine so if they DO somehow manage to bork something they can just hit the rewind button, even if they screw it up so bad it won't boot? Well you end up with a machine that short of hardware failure is pretty damned hard to kill or screw up. That of course makes both my business and home users VERY happy. When you have customers that could kill a Sherman tank with a toothbrush (I swear they must have like an electromagnetic field or something the way things just die around them) then you quickly learn how to harden a system.

As for TFA as another noted maybe by being FOSS now they will have developers work on the usability, maybe have a "dummy mode" for the less skilled. because while HJT is a great tool it is NOT for the faint of heart and if you don't know what you are doing you could quickly break more than you fix. Maybe someone can tie it in with the signatures for Housecall or clamAV so it has a default nasty list?

Any other opinions on that?

Maybe this one.

Cool.

Only runs on Windows though, that leaves me out.

Any other opinions on that?

Maybe this one.

If you are on windows you should try Comodo Dragon which has ABP and I would argue with the combination of its default settings which has the browser and ONLY the browser use the comodo Secure DNS malware site filtering along with low rights mode NoScript isn't really needed. There is NotScript if you want to replicate similar functionality but frankly i tried to get a win 7 install using Dragon infected for shits and giggles and while a few nasty sites could crash the browser not a single one managed to infect the system which i confirmed with several offline and online scans. Its a HELL of a lot faster than FF is now and unlike FF which sucks balls on AMD chips Dragon is completely CPU agnostic, there is even a checkbox on first install that will make a portable version and install it to your thumbdrive. Its really nice, give it a spin. it'll even import all your FF bookmarks, passwords, etc if you ask it to so switching is trivial.

I agree though that FF nuked the fridge after version 3, in my case i believe the nuking occurred after versions 3.0.x which were the last versions that seemed to be truly CPU agnostic and weren't Ziggy Piggies when it came to CPU and RAM usage. Like I said i tried the latest and greatest on my EEE E-350 netbook and watching as a good 40 minutes of battery went down the shitter thanks to FF hogging the CPU. On my XP box I have AnVir Task Manager and just typing in a text box I can watch the CPU jump all over the place from FF. Seriously typing in a textbox causes huge spikes in CPU usage? WTF? But I have to support a WIDE range of customers, from late model P4 office boxes and first gen netbooks to the latest AMD multicores and frankly FF is just unsuitable for purpose anymore. it was the complaints from customers about how their machines would "jerk and hang" when going to common sites like Gmail and FB that told me if I didn't want them going back to IE i had better get on it and find a new browser and after testing more than a half a dozen, from Kmeleon to Opera I found the Dragon has the best mix of security and performance for me and my customers. I just recently installed it on a customers Xmas prezzie from her BF which is an AMD C Series netbook and even with an APU that is only 1GHz the Dragon is snappy and lets her use FB while running her IM without any lagging and while getting over 5 hours on a battery. That for me speaks volumes and is why FF is no longer in my standard install package.

Thanks and that is why when it came out Intel was (and still is BTW) rigging their compiler and was bribing OEMs I switched to an AMD only shop simply because i know without competition frankly it would seriously suck. I mean if MSFT had rigged Windows to tie a boat anchor to GPL code can you imagine the screams? yet they'll still support a company that has admitted to bribery and rigging the benchmarks (again still are as one reviewer who didn't know about the ICC cripple code remarked when reviewing netbooks "The benches say that the Atom dual is faster than the AMD E series yet the real world doesn't bare this out for some reason" yeah its called "quack.exe" and is as old as putting your thumb on the scale) yet they'll still buy.

On the browser front I use as well as switched my customers over to Comodo Dragon and frankly everyone couldn't be happier. Its light, its snappy even on this 1.8GHz Sempron that I use as a nettop, its default settings have some really nice security features like using Comodo Secure DNS in the browser ONLY which is fast and stops malware and phishing sites you may stumble across, it even has an option to make it portable and run it off a thumbstick. i heartily recommend it. And of course the more competition we have in the market the better it is for ALL of us because they have to bring their A game or lose.

Comodo Dragon web browser

http://www.comodo.com/home/browsers-toolbars/browser.php

Secure DNS, too. :)

That is what I don't get, you see your numbers dropping like flies, your users tell you in no uncertain terms what you are doing is a big DO NOT WANT and yet what do you do? "We'll just do it twice as fast, that's the ticket"?

I have to support everything from netbooks and old office P4s to the latest quads and I had to switch myself and my customers to Comodo Dragon (Chromium based without the Google phone home) simply because I found on a LARGE swath of the older machines and netbooks it was no longer suitable for purpose. it wasn't extensions either, just to ensure of that I ran tests with ONLY extensions that Dragon and FF had, namely ForecastFox and ABP. For test beds I chose 3 systems, an off lease P4 2.2GHz, 512Mb of RAM, my nettop which is a Sempron 1.8GHz with 1,5Gb of RAM, and my netbook which is one of the new E-350 Brazos EEE netbooks with 8Gb of RAM.

What did I find? The latest version, 8.01 I believe, is simply unusable on both the Sempron AND the P4, and is frankly barely functional on the E-350 while causing its temps to shoot up nearly 20 degrees from all the CPU slamming. I just tried to go to basic sites that I knew my customers would go to, YouTube, Yahoo Mail and Gmail, a couple of random websites, and in every single case while the max that Dragon hit was around 70% CPU and that only for a few seconds FF would literally GRIND on the CPU causing such hard 100% CPU spikes that the entire desktop became unresponsive.

I personally learned of this after the 4 series when all my customers started complaining about how Facebook was slow and their PCs became unresponsive so I traced it back and sure enough it was FF slamming their CPU. In fact the ONLY customer I haven't had any complaints from is a single one that bought an AMD triple core, maybe FF doesn't know how to slam an odd cored CPU? But I would suggest to those wanting another browser either Comodo Dragon which has excellent features like the option to use their secure DNS or if you want something portable you can use the also excellent QTWeb which is built using the QT framework. From what I've been told by a poster here QTWeb will run on anything going back to Windows 98. Oh and for you Mac and Linux users? QTWeb has the links for those OSes in their download section, enjoy!

That will only be useful IF and this are pretty big IFs 1.- They even know what an alternative OS is and want to run one, and 2.- You have some way to test that Ubuntu will have ALL of the drivers for the myriad of hardware these people have so it all "just works" OOTB.

Since he mentions things such as games it is most likely he is NOT talking about Linux users as they would just get such things from their repo so all they would do is stick in the disc and find a bunch of files they simply wouldn't know what to do with. oh and then you get the "fun" of explaining what a BIOS is, how to get into it, how to switch it from whatever the OEM had it to having a removable drive be first boot, calming them down when they think you are "gonna break it", wow,talk about the gift that keeps on giving!

So let us assume the most likely scenario which is that these are Windows users who don't desire to learn how to switch operating systems for Xmas and think of some truly HELPFUL suggestions. Since I have actually made many a similar device in disc format I believe I can give some good ideas to get the ball rolling. you start with the always useful and free portable apps launcher that gives you a nice base to work off of and gives them a nice single .exe they can "clicky clicky". Then assuming they are happy with their AV and antimalware (which if not I'd put in the launcher for Avast Free and MalwareBytes under a heading of "antivirus") we move on to categories.

First we have LibreOffice which frankly I wouldn't have, while its a nice suite I've found most never use more than Writer and it wastes space so I'd go with AbiWord. For Internet Firefox is too slow and Chrome calls home so I would use either Comodo Dragon which to make portable simply install onto a folder on the flash while checking the "portable' box or QT Web which is a nice portable browser based on QT naturally. Personally I'd give them both, they are light and why not give them choice? Thunderbird, don't bother as even those that think they are on email are actually on webmail nowadays so use that space for InstantBird instead. Oh and throw in a few graphics programs just for fun, like Fotografix and Cornice as they are light and pretty simple.

Moving on to games we have Armagetron for a little Tron goodness, we have Atomic Tanks for a little Worms style fun, i know many will say Wesnoth but that game is a little hardcore if you're not already heavily into TBS so I'd skip it and if I were to put a strategy I'd go with Warzone 2100, Brutal Chess for a little 3D chess fun along with the always popular Texas Hold 'Em along with one of the several shooters and a nice Puzzle collection just to round things out.

Because unless they actually WANT to learn alternative OSes, the inside of their BIOS, and a completely new way of doing everything then saying 'Just put linux on it" really isn't a very nice gift now is it? I hope everyone sees that this gives them a simple useful gift with tons of software they can use NOW without needing to spend an hour or more being walked through changing the BIOS, how to find out if hardware has been detected, what to do if the wireless isn't working, etc. That is about as "fun" a way to spend

There is also an easy way to solve it, that is the combo of Comodo Dragon and Avast Free. you simply use the Dragon's built in secure DNS, which is constantly updated and will block any site that has malware (you can of course choose to go to the site anyway but Comodo tells you what malware is on the site so if you continue its your own stupidity) and if there happens to be a site Comodo doesn't catch (haven't seen one yet, but possible) then Avast, which scans the page BEFORE it loads will catch it and put a screeching halt to the page load and throw up a warning, again listing the malware that was detected.

Using this combo my users, some of which would get more viruses than a Bangkok whore, went down to nothing. Zip, zero nada, squat. I even loaded it on an XP test box (because XP security sucks compared to Win 7, which is what most of my users are now on) and just started clicking every link in my spam folder, just to see if I could infect the thing. I got a bazillion stop loads by Comodo along with Avast saying I shouldn't go to that site, but as long as I didn't click ignore, which should be called the "yes I'm a moron please infect me' button, all was golden. I ran three different offline scanners, two boot CD scanners, and two online scanners, and nothing. Zip zero nada squat. Then add in Win 7 with ASLR and DEP and you have a box that I can hand to my worst users and not have to worry about it coming back except for hardware upgrades.

So you CAN lock Windows down nicely, it just takes a little thought, that's all. I tried the same experiment with MSE and 3 got through, AVG let 2 past, Adaware Free also caught everything though, so if you prefer it over Avast its good. I've simply found my customers like Avast, especially that nice little female voice that Avast uses. But with the above you too can let your worst users loose on the net and go have a beer, confidant you won't be dealing with a zombie when you get back.

I quit using that bloated piggie of a browser when it reached FF 4, thanks ever so. I'd suggest you try Comodo Dragon instead bill. It is based on chromium so nice and fast, you can opt in to using their secure DNS (which doesn't affect the OS settings, just the browser) which I've found pretty much kills malware dead before it can even reach the system, all the good Chrome plugins like ABP, readability, and ForecastFox work on it, and most importantly it is NOT a bloated POS.

That said that EEE supports 8gb of RAM, which is currently going for $37 on Amazon so its dirt cheap to max that puppy out and let FF leak away. So while I can't tell you how FF runs on it, I CAN tell you editing 4 tracks while bouncing down to two in audacity worked great, the only slowdown was when i was experimenting with some heavy effects (which will slow down even my quad desktop) but other than that was sweet, editing docs in Word 2K7 while listening to playback? Nice. Tron Legacy in MPC? smooth as silk, I bet it would play some of my older games like Titan Quest well too, but who would want to game on a 12 inch screen?

all in all the best $340 I've ever spent on PC gear. That Brazos APU gets really great battery life and expressgate is just wonderful! and where else you gonna get a machine with HDMI, 320Gb HDD, USB 3, bluetooth AND 8Gb of RAM, all for less than $350 shipped? I love the hell out of the thing, its just too damned handy.

I have to agree. From the 1.x to the 3.x one could really see a solid progression of improvement, some big leaps, some small, but it was there. Then came 3.5.x.....OMFG. That is the only way I know to describe it...OMFG.

The amount of CPU spikes and memory suckage just went off the charts, testing FF with the wide variety of hardware I need to support (everything from first gen netbooks and 2004 era P4s to the latest multicores) I have found FF to be completely unsuitable for purpose on anything less than a 3GHz P4 with HT. Anything less than that and the CPU spikes will take control away from the users, sometimes for as long as two minutes if the new tab contains video, and you can just let FF sit without being used and it will continue to climb on memory usage until it hits swap for no damned reason other than major memory leaks.

Personally I blame this on Cargo Cult Usability as they have seen Chrome growing in popularity and have decided 'hey if we ape Chrome we'll be popular too!" while ignoring the simple fact that it is the underlying webkit engine that gives Chrome its speed and power and trying to bolt chrome style additions onto gecko is a recipe for disaster.

Personally when 3.5.x came out and I saw how simply worthless FF was on anything less than a 3GHz I started testing various alternatives, finally choosing and moving my users over to Comodo Dragon which gives the speed of Chrome, the ability to function well even on netbooks, no Google phone home crap, and some nice security features. The sad part is by trying to ape Chrome they are running off their users to Chrome because they are taking what once was a great browser and turning it into shit. It is a damned shame as I thought I would always use FF, but I don't need the hassle of supporting multiple browsers on multiple chips and now that they pull the plug on the previous the second they release "teh new hotness" I don't even get time for testing before they are borking shit all over again.

You know the browser is in bad shape when even my dad, who can't fricking STAND change, and will put up with half ass software rather than switch, is telling me "Son you gotta find me something else, this new Firefox is just too damned slow" and he is on an AMD quad with 4Gb of RAM! So long Moz, and thanks for all the fish.

I can answer that. Go to video sites that are NOT Youtube, like most of the 'Ow my balls!" kind of dumb vid sites? watch FF suck down memory like a wino sucking down MD 20/20. The Chormium based and IE seem to give mem back when you close tabs, FF? Not so much.

I have also seen cases where I had left FF running and went off to do something else and forgot about it and several hours later come back and memory had JUMPED a good 30-40%! Again it seems to be tied to whether or not you had played any videos that day.

This is why after years of having FF in my standard customer build I have replaced it with Comodo Dragon which IMHO has some nice extra features as far as security and no calling home to Google so it is the best Chromium based for me and my customers. I've always loved the FF UI but IMHO after the 3.6.xx branch FF has just gone to shit. Its memory usage is nuts, it spikes the living hell out of CPUs, especially if the tab you are launching contains video, its just a mess. I have to support everything from netbooks and late P4 office machines to multicore and I need something that will give a consistent experience. Dragon does, FF don't.

Personally I think it is the Gecko engine. I just don't think it has been able to take all the extra crap they have bolted on like plugin separation. Where FF once was a nice lean solid browser ever since Chromium came out it has been "Me too!" to the 50th power instead of just making FF the best FF it can be and I think it shows. I haven't seen memory leakage this bad since the 2.x.x branch. I hope they fix it so I can have another browser in the toolbox but right now the responsiveness and resource usage just isn't there. When it takes a good 25+ seconds to launch FF on a 2.8GHz quad with 8Gb of RAM? That is fucked up. The Dragon takes less than 5 seconds from click to typing.

If it is based on the gecko desktop engine I'm frankly not surprised. I always gave Firefox out to customers and had been using it myself since before it was even called Firefox but starting with the 3.6.x branch I simply found it unsuitable for purpose as a desktop browser which is why after trying several browsers I switched to comodo dragon which I now hand out instead.

I have to support a very wide range of users, from low end netbooks and midrange P4s to the latest multicores and I found the memory and CPU usage on FF after the 3.5.x build to simply be unacceptable. I have found on anything less than a 2.8Ghz with HT the browser will slam the CPU when launching a new tab, sometimes for over 30 seconds when the tab contains flash video, and even when left alone its memory usage will steadily climb until closed or it slams into the page file. Most importantly it will completely lose responsiveness and make the machine stall until the page has finished loading completely.

Compare this to Dragon on the same hardware where even on the 1.8Ghz Sempron I keep in the shop as a nettop I can launch multiple tabs and never have it hit above 60% CPU usage, flash tabs 70% , RAM usage stays consistent and when tabs are closed memory returned (FF seems to have a real problem with returning memory) and most importantly the browser NEVER loses responsiveness nor takes complete control of the machine away from the user.

Now why FF does this I don't know, but I have a theory. I think the Gecko engine simply isn't capable of doing certain features like separating plugins from the browser and bolting on all this functionality is causing serious issues. But whatever the reason when everything is going "green" and using less is desirable (such as RAM and CPU starved mobile devices) FF sucks ever more power and memory to do the same task. I truly hope they figure it out as I miss having NoScript but until they do I need a browser that runs everywhere and FF just doesn't do that anymore. I have to give Google credit as Chromium is quickly becoming what Gecko used to be, a great platform for building on top of.

Nope, in fact i'm typing this on my netbox at the shop, which is a 1.8GHz AMD Sempron CPU with 1.5Gb of RAM, and even with such a weak CPU I can launch a video tab in the background and get NO lockups with Comodo Dragon (Based on Chromium). Sadly I can't even use FF on this machine anymore because simply launching ANY tab will cause a 100% CPU spike that will last up to 45 seconds on a static page and Lord help you if it has any video element. You literally can't use FF on this machine anymore and considering that it is faster than most netbooks that is truly sad. I don't know what the Chromium guys did but it NEVER loses responsiveness.

Whatever the Moz devs after the 3.x branch frankly screwed the pooch as it was the last truly well working version on all boxes IMHO. frankly one shouldn't need a multicore with gobs of RAM just to load a webpage or watch an SD video and the fact that no only does FF not work well on less than an HT 3.0GHz P4 but it seems to seriously gobble memory (try launching FF and then walking away and leaving it on all day and see how much mem it uses without even surfing!) is simply inexcusable

I personally think it is the Gecko engine. I think they have tried bolting multi process features that the engine simply wasn't designed for like the plugin container and it simply can't handle it. But all I know is even on a slow low power CPU like this I'm using practically no CPU except when watching flash and even then it rarely hits above 35% and even after leaving Dragon on for the past 3 days the amount of memory I'm using is a paltry 198Mb of RAM (Use About:Memory to check any Chromium browser's memory state. you can even launch the same tabs in FF and compare the two with the feature) and that is a BIG difference compared to my exp with FF 5.

If you haven't tried Comodo Dragon give it a spin. Better security features, better speed, and NO lockups!